Zignatures

November 5, 2014

In this blog post, we are going to show a simple example of the radare2 “zignatures” functionality. To manage “zignatures” in radare2, the only thing you have to do is type ‘z’ in the radare console. Here you can get more info on this ‘z’ command:

It’s time to open our stripped binary and watch which information is available. Load stripped binary with auto analysis:

$ r2 -A pid2

You can see that the stripped binary has no symbols, making our analysis more difficult. This situation is very common in CTFs. To recover some symbols from the binary we can use the zignatures we just created. Then we load the zignatures file: